GDPR and register extracts, will there be a difference compared to today?

Will the number of requests for register extracts increase?

Today, there are a few individuals who request an extract from our records. Probably only a fraction per thousand of the total amount of personal data that we handle. But what will happen once the new legislation has come into effect around GDPR and register extracts? Will the number of requests increase? If so, to what extent? Can we handle this rationally? These are many of the questions that several of our customers ask themselves in connection with the new Data Protection Regulation coming into force

Claims

In Article 82.1 we can read the following:

”Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.”

The individual therefore has the opportunity to pursue claims against your company if the processing of its personal data has not taken place in accordance with the Data Protection Regulation. Will this be a driving force? Will some individuals put this into system? Services may be created on the market. Support for individuals in addressing data regulation violations could be provided. With all certainty, but it is difficult to estimate the extent today.

To reach that point, a person must report an incident or demonstrate non-compliance with the Data Protection Regulation. One tool for the latter is to demand register extracts from the company’s register and find the places where these violate, for example, the consent collected.

How long will it take for automated services to perform this on behalf of the person? Today, there are, for example, automated services to claim compensation in the event of, for example, flight delays. We therefore believe that requests for register extracts will increase compared to today.

New efficient processes

Article 12.3 addresses how quickly we must react:

“The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request.”

Articles 15-22 define the individual’s rights concerning your company, including the right to be informed (register extract), the right to correction, and the right to be forgotten. Prepare for these claims and anticipate the legislation’s impact.

We believe it is essential for the company to prepare for an increase in requests for register extracts. Additionally, having well-designed templates and efficient processes in place to manage these requests is crucial.

GDPR

The General Data Protection Regulation, GDPR, is a new data protection regulation that will apply within the EU from 25 May 2018. The aim of the regulation is to strengthen the protection of personal integrity so that this fundamental right is in balance with other fundamental rights and legitimate societal interests. In addition to it, there will also be a new data protection law (Dataskyddslagen), which is Swedish additions to the GDPR.

Samuel Persson

Samuel has worked as a consultant for 30 years in a variety of industries and business areas. 
His professional network and his thorough knowledge are the basis for the several executive and board members roles he held.

More interesting articles…